On Tue, 4 May 2004, Craig Huckabee wrote:

>
> Where can the regular expressions discussed in 'doc/variables.txt' be
> used?  I'd like to modify the User-Name attribute as passed in for use
> as a filter for rlm_ldap.
>
> For example, during an EAP-TLS, I get an EAP packet like this:
>
> NAS-IP-Address = ...
> NAS-Port-Type = Async
> User-Name = "host/g21476.fo.bar"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Calling-Station-Id = ...
> State = ...
> EAP-Message = ...
> Message-Authenticator = ...
>
>
> I'd like to strip off the 'host/' from User-Name and use that as a
> filter in rlm_ldap for the authorize step, like:
>
> ldap {
>       ...
>       User-Name =~ "^([^/]+)/(.*)"
>       filter = "(cn=`%{2}`)"
>       ...
> }
> That fails horribly (cn='') so I'm not sure where those types of regex
> statements can be used in radiusd.conf.

The above won't work. You can't just add the User-Name line in the rlm_ldap
configuration and expect it to work.

You can either use rlm_attr_rewrite to strip the 'host/' part, or probably add
a Hint variable in the users file and use that as the filter:

--users--
DEFAULT User-Name =~ "^([^/]+)/(.*)", Hint := `%{2}`

--radiusd.conf--
ldap {
        filter = "(cn=%{check:Hint})"
        ...
}

>
> Is that possible or am I completely misunderstanding variables.txt?
> I'm running FreeRADIUS built from CVS as of 4/21/04.
>
> Thanks,
> Craig
>
> PS Forgive the wandering nature of this e-mail, 12+ hours at work...
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf
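
An added illustration, not part of the original thread and not FreeRADIUS code: a Python sketch of what the regex from the messages above captures for several User-Name values, and of the filter string that results once the captured part is substituted into `(cn=...)`. The function names and sample names are hypothetical; the escaping follows RFC 4515, and the sketch refuses to build a filter when the capture is missing or empty.

```python
import re

# Pattern quoted in the thread: group 1 is the prefix before the first '/',
# group 2 is everything after it (what %{2} refers to).
USER_NAME_RE = re.compile(r"^([^/]+)/(.*)")

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_escape(value):
    """Escape a value before placing it inside an LDAP search filter."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def hint_from_user_name(user_name):
    """Return the text of capture group 2, or None when the regex does not match."""
    m = USER_NAME_RE.match(user_name)
    return m.group(2) if m else None


def build_filter(user_name):
    """Return the cn filter for a User-Name, or None when no usable name remains."""
    hint = hint_from_user_name(user_name)
    if not hint:
        # No '/' in the name, or nothing after it: do not search with an empty cn.
        return None
    return "(cn=%s)" % ldap_escape(hint)


if __name__ == "__main__":
    # Constructed sample names; only the first one appears in the thread.
    for name in ["host/g21476.fo.bar", "g21476.fo.bar", "host/",
                 "host/a/b", "host/*", "host/x)(uid=*"]:
        print("%-22r -> %s" % (name, build_filter(name)))
```

A name without a `/` never matches, so an entry keyed on this regex sets no Hint for ordinary user logins; those need their own filter.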
